CVE-2018-10237 @ Maven-com.google.guava:guava-20.0

**Checkmarx \(SCA\):** Vulnerable Package
**Vulnerability:** [Read More ](https://devhub.checkmarx.com/cve-details/CVE-2018-10237) about CVE-2018-10237
**Checkmarx Project:** [jerp1979/java\-faker](https://eu.ast.checkmarx.net/projects/80665d4a-17df-4b6a-a5e9-b12ef3137b1d/overview?branch=master)
**Repository URL:** [https://github.com/jerp1979/java\-faker](https://github.com/jerp1979/java-faker)
**Branch:** master
**Scan ID:** [8f3fa71f\-fe46\-4bc8\-9378\-781a0403538e](https://eu.ast.checkmarx.net/projects/80665d4a-17df-4b6a-a5e9-b12ef3137b1d/scans?id=8f3fa71f-fe46-4bc8-9378-781a0403538e&branch=master)


----
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.





----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** HIGH
**Confidentiality impact:** NONE
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 32.0.0-android


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2018-10237 @ Maven-com.google.guava:guava-20.0 #10

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2018-10237 @ Maven-com.google.guava:guava-20.0 #10

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions